InQuest Blog

In this short post, we dissect the inner workings of registration-free COM interop and present a known technique that red teamers can abuse to dynamically load .NET assembly logic. Additionally, minor obfuscated variations are presented in hopes of evading existing detection mechanisms. Proof-of-concept code snippets are provided in a variety of scripting languages to demonstrate versatility.

In this article, we analyze a malicious hta file that we found on VirusTotal. This instance uses a few interesting techniques to evade existing detection mechanisms. In this blog post, we provide an in-depth analysis of this instance and reveal the techniques that are utilized to keep the instance under the radar. At the time of hunting this instance, only two engines marked this instance as malicious.

ThreatIngestor helps you collect threat intelligence from public feeds, and gives you context on that intelligence so you can research it further, and put it to use protecting yourself or your organization. In this post, we will go through the process of making a twitter bot.

In this article, we dissect a sophisticated multi-stage PowerShell script that was found on HybridAnalysis a few days back. The discussion entails an in-depth analysis of the various techniques that this particular malware instance utilized to keep itself under the radar. As of writing this article, none of the AntiViruses on VirusTotal detected this sample.